diff --git a/BappDescription.html b/BappDescription.html index ed16ce1..5ee185e 100644 --- a/BappDescription.html +++ b/BappDescription.html @@ -12,7 +12,12 @@ Allows to keep track of vulnerabilities, Map each paramter and API call to vulnerability from the Checklist and severity
  • Config
    - Allow to set Auto save the project or extension data and auto load the checklist. Also import and export all data with one click +
  • diff --git a/PentestMapper.py b/PentestMapper.py index d76f060..318bdad 100644 --- a/PentestMapper.py +++ b/PentestMapper.py 
@@ -1,50 +1,30 @@ -from burp import IBurpExtender, ITab # To Create Main Class -import sys # Required for debugging in BurpSuite -from burp import IContextMenuFactory -from burp import IContextMenuInvocation, IHttpService, IParameter, IMessageEditorController, IHttpRequestResponse -from burp import IMessageEditorTabFactory -from burp import IMessageEditorTab, IExtensionStateListener -from burp import IBurpExtender -from burp import IMessageEditorTabFactory -from burp import IMessageEditorTab -from java.awt import BorderLayout, FlowLayout -from javax import swing -from java import awt +from burp import (IBurpExtender, ITab, IContextMenuFactory, IContextMenuInvocation, +IHttpService, IParameter, IMessageEditorController, IHttpRequestResponse, IProxyListener, +IMessageEditorTabFactory, IMessageEditorTab, IExtensionStateListener ) + +from java.awt import (BorderLayout, FlowLayout , Dimension, Font, Color, Cursor) + +from javax.swing import (JMenuItem, JTable, JButton, JTextField, GroupLayout, JTabbedPane, JTextPane, RowFilter +,JScrollPane, JSplitPane, JLabel, JPopupMenu, JComboBox, DefaultCellEditor, JToggleButton, JTextArea +,JPanel, JFileChooser, JSeparator,LayoutStyle ) + +from javax.swing.table import ( DefaultTableModel, AbstractTableModel, TableRowSorter ) +from javax.swing.SwingConstants import VERTICAL from java.lang import Short -from javax.swing import JMenuItem -import csv - -from java.lang import String, Integer, Comparable -from java.util import ArrayList, List -from javax.swing import ListSelectionModel , KeyStroke -from javax.swing.table import DefaultTableModel, AbstractTableModel , TableColumnModel , DefaultTableColumnModel, TableRowSorter -from javax.swing import JTable, JButton, JTextField, GroupLayout, JTabbedPane ,JTextArea, JTextPane, RowFilter -from javax.swing import JScrollPane, JSplitPane, JLabel, AbstractAction, JPopupMenu, JComboBox, DefaultCellEditor -from java.awt import Dimension, GridLayout, Font, Color -import javax.swing.BoxLayout 
import javax.swing.Box -from javax.swing import JPanel, JFileChooser, AbstractButton from javax.swing.filechooser import FileNameExtensionFilter -from javax.swing import JFileChooser -from javax.swing import * -from java.awt import * -from java.awt.event import * -from javax.swing.event import TableModelListener -#from java.awt.event import MouseAdapter, MouseListener -from threading import Lock, Timer -from java.awt.event import ActionListener, KeyEvent -from javax.swing.undo import UndoManager, CompoundEdit -#from javax.swing.event import UndoableEditEvent, DocumentListener +from java.awt.event import ActionListener from urlparse import urlparse -import time -import os -#import schedule +import time, csv, sys, os +from threading import Thread, Event, Lock + + # Creating Burp Extend Class -class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, AbstractTableModel, IMessageEditorController, TableColumnModel, IExtensionStateListener): +class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, AbstractTableModel, IMessageEditorController, IExtensionStateListener): def registerExtenderCallbacks(self, callbacks): 
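Review bot: With `from javax import swing` and `import javax.swing.BoxLayout` removed, the retained `import javax.swing.Box` is the only statement in this import block that still binds the name `javax`, yet the layout code added in the `@@ -396,113 +363,278 @@` hunk keeps spelling out `javax.swing.GroupLayout.Alignment.LEADING` and `javax.swing.LayoutStyle.ComponentPlacement.RELATED`. If a later cleanup drops the `Box` import, the Config tab would fail with a NameError while the extension loads. `GroupLayout` and `LayoutStyle` are now imported by name, so the layout calls can use `GroupLayout.Alignment.LEADING` and `LayoutStyle.ComponentPlacement.RELATED` directly. `IProxyListener` is imported but is not among the bases of `BurpExtender` in this hunk, so presumably a class outside the hunk implements it; if none does, the import is unused.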
@@ -57,58 +37,50 @@ def registerExtenderCallbacks(self, callbacks): # Informing Burp suite the name of the extension callbacks.setExtensionName("Pentest Mapper") + + #adding extension state listner if extenion loaded on unloaded callbacks.registerExtensionStateListener(self) + # Creating a output after loading callbacks.printOutput("Author: AnoF") - callbacks.printOutput("Version: 1.5") + callbacks.printOutput("Version: 1.6") callbacks.printOutput("https://github.com/Anof-cyber/Pentest-Mapper") callbacks.registerContextMenuFactory(self) - #callbacks.registerMessageEditorTabFactory(self) - - - self.tab = swing.JPanel(BorderLayout()) - self.tabbedPane = swing.JTabbedPane() + self.tab = JPanel(BorderLayout()) + self.tabbedPane = JTabbedPane() self.tab.add("Center", self.tabbedPane) self._log = list() - #self.vulnlist =list() - #self.logEntry = list() self._lock = Lock() - #self.checklistlog = list() - # Creating Another Tab in the extension tab + # Creating Another Tab in the extension tab # Creating the First tab named as CheckList - self.firstTab = swing.JPanel() + self.firstTab = JPanel() self.firstTab.layout = BorderLayout() self.tabbedPane.addTab("CheckList", self.firstTab) callbacks.addSuiteTab(self) # Creating a Import button in CheckList Tab - - self.buttonPanel = swing.JPanel() + self.ChecklistbuttonPanel = JPanel() self.searchchecklist = JTextField('', 15) - self.buttonPanel.add(self.searchchecklist) - self.buttonPanel.add(swing.JButton("Search", actionPerformed=self.searchinchecklist)) + self.ChecklistbuttonPanel.add(self.searchchecklist) + self.ChecklistbuttonPanel.add(JButton("Search", actionPerformed=self.searchinchecklist)) - #self.buttonPanel.setPreferredSize(Dimension(0, 30)) + # adding the import button with onclick action which refers to the function below - self.buttonPanel.add(swing.JButton( + self.ChecklistbuttonPanel.add(JButton( "Import CheckList", actionPerformed=self.importchecklist)) - #self.firstTab.add(Box.createRigidArea(Dimension(35, 
0))) - self.buttonPanel.add(swing.JButton( + self.ChecklistbuttonPanel.add(JButton( "Create CheckList", actionPerformed=self.createtestcases)) - self.firstTab.add(self.buttonPanel, BorderLayout.PAGE_START) + self.firstTab.add(self.ChecklistbuttonPanel, BorderLayout.PAGE_START) # Creating a tab in CheckList tab which will show the data from the import checlist - self.tablePanel = swing.JPanel() - #layout = GroupLayout(self.tablePanel) - #self.tablePanel.setLayout(layout) + self.tablePanel = JPanel() self.colNames = ('Sr', 'Test-Cases') - self.data = [['', ''], ] self.dataModel = CustomDefaultTableModelHosts(None, self.colNames) self.table = JTable(self.dataModel) self.table.getTableHeader().setReorderingAllowed(False) 
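Review bot: The comment added above `callbacks.registerExtensionStateListener(self)` is hard to read as written (`#adding extension state listner if extenion loaded on unloaded`); `# Register so extensionUnloaded() runs when the extension is unloaded` would say what the call is for. The renamed panels also mix casing, with `self.ChecklistbuttonPanel` here against `self.APIMapperButtonPanel` in the next hunk, so one convention should be settled while the names are being changed. registerExtenderCallbacks starts before and continues past this hunk.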
@@ -119,46 +91,33 @@ def registerExtenderCallbacks(self, callbacks): self.table.setRowSorter(self.sorter) X_BASE2 = 200 # send to leff # 3rd one send to right - #self.scrollPane.setBounds(X_BASE2 + 100, 80, 1200, 800) - #self.scrollPane.setPreferredSize(Dimension(1500, 500)) + self.scrollPane.getViewport().setView((self.table)) - #self.tablePanel.add(self.scrollPane) self.firstTab.add(self.scrollPane, BorderLayout.CENTER) # Creating Second Tab - self.secondTab = swing.JPanel() + self.secondTab = JPanel() self.secondTab.layout = BorderLayout() self.tabbedPane.addTab("API Mapper", self.secondTab) # creating UI for button and button in api mapper tab - self.buttonPanel2 = swing.JPanel() + self.APIMapperButtonPanel = JPanel() self.searchapimapper = JTextField('', 15) - self.buttonPanel2.add(self.searchapimapper) - self.buttonPanel2.add(swing.JButton("Search", actionPerformed=self.searchinapimapper)) - #self.buttonPanel2.setPreferredSize(Dimension(0, 30)) + self.APIMapperButtonPanel.add(self.searchapimapper) + self.APIMapperButtonPanel.add(JButton("Search", actionPerformed=self.searchinapimapper)) # adding the import button with onclick action which refers to the function below - self.buttonPanel2.add(swing.JButton( + self.APIMapperButtonPanel.add(JButton( "Save Project", actionPerformed=self.savelogger)) - #self.buttonPanel2.add(Box.createRigidArea(Dimension(35, 0))) - self.buttonPanel2.add(swing.JButton( + self.APIMapperButtonPanel.add(JButton( "Load Project", actionPerformed=self.importlogger)) - self.secondTab.add(self.buttonPanel2, BorderLayout.PAGE_START) + self.secondTab.add(self.APIMapperButtonPanel, BorderLayout.PAGE_START) # Creating a UI for table in api mapper tab - self.tablePanel2 = swing.JPanel() - #layout = BorderLayout.CENTER(self.tablePanel2) - #self.tablePanel2.setLayout(layout) - - - # not in use still not removed - self.colNames2 = ('Sr', 'URL', 'Method', 'Post Body', - 'Functionality Name', 'Request', 'Test Cases') - - self.data2 = [['', ''], ] # 
not in use still not removed - # self.dataModel2 = JTable(MyTableModel()) + self.tablePanel2 = JPanel() + ''' creating a menu which will be added with the table in api mapper for right click @@ -172,7 +131,11 @@ def registerExtenderCallbacks(self, callbacks): popupMenu.add(sendRepeaterItem) popupMenu.add(deleterow) - + self.comboBox1 = JComboBox() + self.comboBox1.addItem(None) + self.comboBox1.addItem("Pending") + self.comboBox1.addItem("In Progress") + self.comboBox1.addItem("Completed") # creating a table with custom model for api mapper self.logTable = Table(self) @@ -187,6 +150,9 @@ def registerExtenderCallbacks(self, callbacks): self.logTable.getColumnModel().getColumn(4).setPreferredWidth(142) self.logTable.setRowSelectionAllowed(True) + comboColumn1 = self.logTable.getColumnModel().getColumn(5) + comboColumn1.setCellEditor(DefaultCellEditor(self.comboBox1)) + #adding a right click menu in the table in api mapper self.logTable.setComponentPopupMenu(popupMenu) 
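Review bot: `X_BASE2 = 200` stays behind as a context line although this hunk deletes the commented-out `setBounds(X_BASE2 + 100, ...)` call that was its only visible use, while the matching `X_BASE3 = 1` is removed in the `@@ -194,22 +160,17 @@` hunk. Unless `X_BASE2` is read somewhere outside the visible hunks, it should be deleted here too so the two tabs are cleaned up consistently. The bare `+` line this hunk inserts before `self.scrollPane.getViewport().setView((self.table))` adds nothing and can be dropped.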
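Review bot: `self.comboBox1` is named by position, not purpose, and the following hunk wires it to `getColumn(5)` through a bare index, so nothing ties the three status strings to the column they edit. A descriptive name with a short comment, e.g. `self.statusComboBox = JComboBox()  # editor for the API Mapper status column`, and a named constant for the index would make the pairing explicit. The table model's `isCellEditable` and `setValueAt` are outside these hunks; it is worth confirming they accept column 5, otherwise the editor is never shown or the selected status is not stored.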
@@ -194,22 +160,17 @@ def registerExtenderCallbacks(self, callbacks): # Creating a scroller for table in api mapper and also width hight for table self.scrollPane2 = JScrollPane(self.logTable) - X_BASE3 = 1 # send to leff - #self.scrollPane2.setBounds(X_BASE3 + 10, 20, 1900, 570) # 3rd one send to right - #self.scrollPane2.setPreferredSize(Dimension(1500, 700)) + self.scrollPane2.getViewport().setView((self.logTable)) self.sorter2 = TableRowSorter(self); self.logTable.setRowSorter(self.sorter2) - #self.tablePanel2.add(self.scrollPane2, BorderLayout.WEST) - - - + # creating a save test case button and UI and a split pane self.CommentsSplitPane = JSplitPane(JSplitPane.VERTICAL_SPLIT); - self.bottomviewpanel = swing.JPanel() - self.buttonPanel3 = swing.JPanel(FlowLayout(FlowLayout.LEADING, 10, 10)) - self.buttonPanel3.add(swing.JButton( + self.bottomviewpanel = JPanel() + self.SaveTestCasePanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10)) + self.SaveTestCasePanel.add(JButton( "Save TestCases", actionPerformed=self.SaveTestCases)) @@ -220,7 +181,7 @@ def registerExtenderCallbacks(self, callbacks): penTesterCommentBoxScrollPane = JScrollPane(self.testcases) # creating a split in test cases to add button and text box - self.CommentsSplitPane.setTopComponent(self.buttonPanel3) + self.CommentsSplitPane.setTopComponent(self.SaveTestCasePanel) self.CommentsSplitPane.setBottomComponent(penTesterCommentBoxScrollPane); 
@@ -228,36 +189,30 @@ def registerExtenderCallbacks(self, callbacks): # creating a message editor from burp to show request self.requestViewer = callbacks.createMessageEditor(None, True) self.responseViewer = callbacks.createMessageEditor(None, True) - #self._txtInput = callbacks.createTextEditor() - #self._txtInput.setEditable(True) #adding the tapped pane to create request and test cases self.editor_view = JTabbedPane() self.editor_view.addTab("Request", self.requestViewer.getComponent()) - #self.editor_view.addTab('Test Cases', self._txtInput.getComponent()) self.editor_view.addTab("Response", self.responseViewer.getComponent()) self.editor_view.addTab('Test Cases', self.CommentsSplitPane) - # self.buttonPanel3.add + # creating a split in api mapper with split size spl = JSplitPane(JSplitPane.VERTICAL_SPLIT) - #spl.setResizeWeight(.7) # adding the UI for split pane in api mapper tab - #spl.setTopComponent(self.tablePanel2) - #spl.setBottomComponent(self.editor_view) - replaced with left right + spl.setLeftComponent(self.scrollPane2) spl.setRightComponent(self.editor_view) - #spl.setBottomComponent(editorviews(self)) -replaced with left right # adding the spilt part to api mapper tab self.secondTab.add(spl) - # addinf the burp Defalut UI customization for the api mapper tab + # addinG the burp Defalut UI customization for the api mapper tab self.callbacks.customizeUiComponent(spl) self.callbacks.customizeUiComponent(self.logTable) self.callbacks.customizeUiComponent(self.scrollPane2) 
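Review bot: The reworded comment `# addinG the burp Defalut UI customization for the api mapper tab` still has two typos; `# Apply Burp's default UI customization to the API Mapper tab` would read cleanly. The unchanged lines around it still create `spl` with `JSplitPane.VERTICAL_SPLIT` and then fill it through `setLeftComponent`/`setRightComponent`, and this hunk deletes the commented-out lines that recorded the top/bottom to left/right swap. A one-line comment stating which pane holds the table and which holds the editors would replace what was lost.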
@@ -265,45 +220,44 @@ def registerExtenderCallbacks(self, callbacks): # creating a new tab - self.ThirdTab = swing.JPanel() + self.ThirdTab = JPanel() self.ThirdTab.layout = BorderLayout() self.tabbedPane.addTab("Vulnerabilities", self.ThirdTab) # creating the button and button location and width in vulnerability tab - self.buttonPanel4 = swing.JPanel() + self.VulnerabilityButtonPanel = JPanel() + + # Search For Vulnerability UI self.searchvulnerability = JTextField('', 15) - self.buttonPanel4.add(self.searchvulnerability) - self.buttonPanel4.add(swing.JButton("Search", actionPerformed=self.searchinvulnerability)) + self.VulnerabilityButtonPanel.add(self.searchvulnerability) + self.VulnerabilityButtonPanel.add(JButton("Search", actionPerformed=self.searchinvulnerability)) - #self.buttonPanel4.setPreferredSize(Dimension(0, 30)) # adding the import button with onclick action which refers to the function below - #self.buttonPanel4.add(Box.createRigidArea(Dimension(35, 0))) - self.buttonPanel4.add(swing.JButton( + self.VulnerabilityButtonPanel.add(JButton( "Export Vulnerabilities", actionPerformed=self.exportvulnerability)) - self.buttonPanel4.add(swing.JButton( + self.VulnerabilityButtonPanel.add(JButton( "Import Vulnerabilities", actionPerformed=self.importvulnerability)) # adding the button in vulnerability tab - self.ThirdTab.add(self.buttonPanel4, BorderLayout.PAGE_START) + self.ThirdTab.add(self.VulnerabilityButtonPanel, BorderLayout.PAGE_START) # creating the UI pannel for vulnerability tab --> table - self.tablePanel3 = swing.JPanel() - #layout = GroupLayout(self.tablePanel3) - #self.tablePanel3.setLayout(layout) - - + self.tablePanel3 = JPanel() + # Creating a jcombobox that will show the selection option, and adding and none or empty item for selection self.comboBox = JComboBox() self.comboBox.addItem(None) - #self.comboBox.setEditable(True) - #self.comboBox.addActionListener(self.seachincombobox) + self.comboBox.setEditable(True) + self.combolist = [] + 
self.comboBox.addActionListener(self.seachincombobox) + + # Creating a seelction list for Severity on vulnerability table self.comboBox2 = JComboBox() - #self.Severity = ['Critical','High','Medium', 'Low', 'Informational'] self.comboBox2.addItem(None) self.comboBox2.addItem('Critical') self.comboBox2.addItem('High') @@ -325,11 +279,8 @@ def registerExtenderCallbacks(self, callbacks): comboColumn.setCellEditor(DefaultCellEditor(self.comboBox)) comboColumn2 = self.table3.getColumnModel().getColumn(3) comboColumn2.setCellEditor(DefaultCellEditor(self.comboBox2)) - #self.sorter3 = TableRowSorter(self.dataModel2); - #self.table3.setRowSorter(self.sorter3) - - + # Adding a right click menu for Vulnerability popupMenu2 = JPopupMenu() deletevulnerability = JMenuItem("Delete Vulnerability", actionPerformed=self.deletevuln) popupMenu2.add(deletevulnerability) 
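Review bot: `self.comboBox.setEditable(True)` turns the vulnerability-name cell editor into a free-text field, so values outside the checklist can now reach the Vulnerabilities table and, presumably, the CSV written by `exportvulnerability` (not visible here). If that export does not already do so, cells beginning with `=`, `+`, `-` or `@` should be neutralised before writing, since these exports are likely to be opened in a spreadsheet. Separately, an action listener on an editable JComboBox fires for both selection changes and committed edits, so `seachincombobox` (defined outside this hunk; the name looks like a typo for `searchincombobox`) should guard against re-entry if it rewrites the combo's items while filtering. A short comment on `self.combolist = []` saying what it caches would also help.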
@@ -349,44 +300,60 @@ def registerExtenderCallbacks(self, callbacks): # adding the table UI to vulnerability tab self.ThirdTab.add(self.scrollPane3, BorderLayout.CENTER) - - self.FourthTab = swing.JPanel() + # Config Tab + self.FourthTab = JPanel() self.FourthTab.layout = BorderLayout() self.tabbedPane.addTab("Config", self.FourthTab) - self.buttonPanel5 = swing.JPanel() + self.buttonPanel5 = JPanel() - layout = javax.swing.GroupLayout(self.buttonPanel5) + layout = GroupLayout(self.buttonPanel5) self.buttonPanel5.setLayout(layout) - jButton1 = swing.JButton("Choose Directory", actionPerformed=self.Autosavepath) - jLabel1 = javax.swing.JLabel() - #button1 = swing.JButton("ChooseDirectory", actionPerformed=self.Autosavepath) - self.autosavepath = javax.swing.JLabel(); - self.timeperid = javax.swing.JLabel(); - self.timerbox = javax.swing.JTextField(5); - jLabel4 = javax.swing.JLabel(); - button2 = swing.JButton("Choose File", actionPerformed=self.Autosavepath2) - self.Checklistfilepath = javax.swing.JLabel() - #Checklistfilepath.setText("jLabel2") - Savechecklistfileconfig = swing.JButton("Save Path", actionPerformed=self.saveautoconfigdata2) - self.saveconfigbutton = swing.JButton("Save Config", actionPerformed=self.saveautoconfigdata) - jLabel1.setText("Select the Auto Save Output Directory") - self.timeperid.setText("Set the Time Interval for Auto Save"); + + jButton1 = JButton("Choose Directory", actionPerformed=self.Autosavepath) + jLabel1 = JLabel() + self.autosavepath = JLabel(); + self.autosavepath.setForeground(Color(255, 102, 51)) + self.timeperid = JLabel(); + self.timerbox = JTextField(5); + jLabel4 = JLabel(); + button2 = JButton("Choose File", actionPerformed=self.Autosavepath2) + self.Checklistfilepath = JLabel() + self.Checklistfilepath.setForeground(Color(255, 102, 51)) + Savechecklistfileconfig = JButton("Save Path", actionPerformed=self.saveautoconfigdata2) + Savechecklistfileconfig.setBackground(Color(255, 102, 51)) + 
Savechecklistfileconfig.setFont(Font("Segoe UI", 1, 12)) + Savechecklistfileconfig.setForeground(Color(255, 255, 255)) + + self.saveconfigbutton = JButton("Save Config", actionPerformed=self.saveautoconfigdata) + self.saveconfigbutton.setBackground(Color(255, 102, 51)); + self.saveconfigbutton.setFont(Font("Segoe UI", 1, 12)) + self.saveconfigbutton.setForeground(Color(255, 255, 255)) + jLabel1.setText("Select the Auto Save Output Directory :") + + self.timeperid.setText("Set Time for Auto Save :") self.timerbox.setText("self.timerbox"); - self.timeerror = javax.swing.JLabel(); - importall = javax.swing.JButton("Import All", actionPerformed=self.autoimportall); - jSeparator1 = javax.swing.JSeparator(); - jSeparator2 = javax.swing.JSeparator(); - jSeparator1.setPreferredSize(Dimension(50, 100)); + self.timeerror = JLabel(); + self.timeerror.setForeground(Color(204, 0, 0)) + importall = JButton("Import All", actionPerformed=self.autoimportall) + jSeparator1 = JSeparator() + jSeparator2 = JSeparator() + jSeparator1.setPreferredSize(Dimension(50, 100)) + jSeparator2.setPreferredSize(Dimension(50, 100)) - AutoSaveConfigHeading = javax.swing.JLabel() - AutoloadChecklistHeading = javax.swing.JLabel(); - Exportall = javax.swing.JButton("Export All", actionPerformed=self.autoexportall); + + AutoSaveConfigHeading = JLabel() + AutoSaveConfigHeading.setFont(Font("Segoe UI", 1, 14)) + AutoSaveConfigHeading.setToolTipText("") + AutoloadChecklistHeading = JLabel(); + AutoloadChecklistHeading.setFont(Font("Segoe UI", 1, 14)) + AutoloadChecklistHeading.setToolTipText("") + Exportall = JButton("Export All", actionPerformed=self.autoexportall); AutoSaveConfigHeading.setFont(Font("Segoe UI", 1, 14)); AutoSaveConfigHeading.setText("Auto Save Config"); AutoSaveConfigHeading.setToolTipText(""); 
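Review bot: The added `AutoSaveConfigHeading.setFont(Font("Segoe UI", 1, 14))` and `AutoSaveConfigHeading.setToolTipText("")` repeat calls that the unchanged lines directly below already make, and `AutoloadChecklistHeading` appears to get the same duplicate treatment; the new copies can be dropped. The bare `1` passed to `Font(...)` throughout this hunk is the bold style flag and reads better as `Font.BOLD`, e.g. `Font("Segoe UI", Font.BOLD, 12)`. The fixed `Color(255, 102, 51)` and `Color(255, 255, 255)` values are applied regardless of Burp's theme, so it is worth checking that the labels and buttons stay legible in both light and dark mode. registerExtenderCallbacks begins and ends outside this hunk.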
@@ -396,113 +363,278 @@ def registerExtenderCallbacks(self, callbacks): AutoloadChecklistHeading.setToolTipText("") - jLabel4.setText("Select Auto Load Checklist File") + jLabel4.setText("Select Auto Load Checklist File :") + OneclickImportExportLabel = JLabel() + OneclickImportExportLabel.setText("Import and Export API Mapper and Vulnerabilities from Above Selected Directory") + Singleclickfilename = JLabel() + Singleclickfilename.setForeground(Color(204, 0, 0)) + Singleclickfilename.setText("Note: File Name should be APIMapper.csv & Vulnerability.csv") + jSeparator3 = JSeparator() + jSeparator3.setPreferredSize(Dimension(50, 100)) + AutologLabel = JLabel() + AutologLabel.setText("Auto Log from Proxy to API Mapper :") + AutologHeading1 = JLabel() + AutologHeading1.setFont(Font("Segoe UI", 1, 14)) + AutologHeading1.setText("Auto Logging"); + AutologHeading1.setToolTipText("") + self.AutoLoggingtoggle = JToggleButton() + self.AutoLoggingtoggle.addItemListener(self.AutoLogtogglelistener) + self.AutoLoggingtoggle.setBackground(Color(128, 128, 128)); + self.AutoLoggingtoggle.setFont(Font("Segoe UI", 1, 14)) + self.AutoLoggingtoggle.setText("ON"); + self.AutoLoggingtoggle.setCursor(Cursor(Cursor.DEFAULT_CURSOR)) + self.ToggleStatus = JLabel() + self.ToggleStatus.setForeground(Color(255, 102, 51)) + self.ToggleStatus.setText("Current Status: OFF") + oneclickimportexportHeading = JLabel() + oneclickimportexportHeading.setFont(Font("Segoe UI", 1, 14)) + oneclickimportexportHeading.setText("One Click Import Export") + oneclickimportexportHeading.setToolTipText("") + self.SingleclickimportMapper = JLabel() + self.SingleclickimportMapper.setForeground(Color(255, 102, 51)); + + self.SingleclickimportVulnerabilities = JLabel() + self.SingleclickimportVulnerabilities.setForeground(Color(255, 102, 51)); + self.SingleclickexportMapper = JLabel() + self.SingleclickexportMapper.setForeground(Color(255, 102, 51)) + + self.SingleclickexportVulnerabilities = JLabel() + 
self.SingleclickexportVulnerabilities.setForeground(Color(255, 102, 51)) + + Excludefilelabel = JLabel() + Excludefilelabel.setText("Exclude Files :") + Excludefilebutton = JButton("Save", actionPerformed=self.excludefilebuttonclick) + Excludefilebutton.setBackground(Color(255, 102, 51)) + Excludefilebutton.setFont(Font("Segoe UI", 1, 12)) + Excludefilebutton.setForeground(Color(255, 255, 255)) + AutosaveHeading3 = JLabel() + AutosaveHeading3.setFont(Font("Segoe UI", 1, 14)) + AutosaveHeading3.setText("Auto Save") + AutosaveHeading3.setToolTipText("") + self.AutoSavetoggle = JToggleButton() + self.AutoSavetoggle.setBackground(Color(128, 128, 128)) + self.AutoSavetoggle.setFont(Font("Segoe UI", 1, 14)) + self.AutoSavetoggle.setText("ON")#, itemStateChanged = self.AutoSavetogglelistener) + self.AutoSavetoggle.addItemListener(self.AutoSavetogglelistener) + self.AutoSavetoggle.setCursor(Cursor(Cursor.DEFAULT_CURSOR)) + self.Autosavechecker = False + AutoSaveLabel = JLabel() + AutoSaveLabel.setText("Auto Save API Mapper and Vulnerability :") + self.AutoSaveToggleStatus = JLabel() + self.AutoSaveToggleStatus.setForeground(Color(255, 102, 51)) + self.AutoSaveToggleStatus.setText("Current Status: OFF") + self.AutoSaveErrorlabel = JLabel() + self.AutoSaveErrorlabel.setBackground(Color(0, 0, 0)) + self.AutoSaveErrorlabel.setForeground(Color(204, 0, 0)) + #AutoSaveErrorlabel.setText("Auto Save Requires Auto Save Config with Valid Directory Selected") + jScrollPane1 = JScrollPane() + self.Excludefiletextfield = JTextArea() + self.Excludefiletextfield.setColumns(20) + self.Excludefiletextfield.setRows(1) + self.Excludefiletextfield.setTabSize(6) + self.Excludefiletextfield.setText("SCRIPT,JPEG,CSS,PNG,IMAGE,APP") + jScrollPane1.setViewportView(self.Excludefiletextfield) + jSeparator5 = JSeparator() + jSeparator5.setOrientation(VERTICAL) + + layout.setHorizontalGroup( - layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - 
.addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addGap(35, 35, 35) - .addComponent(AutoSaveConfigHeading)) - .addGroup(layout.createSequentialGroup() - .addGap(26, 26, 26) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addComponent(AutoloadChecklistHeading) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(jSeparator1, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(self.autosavepath) - .addComponent(jButton1) - .addComponent(jLabel1) - .addGroup(layout.createSequentialGroup() - .addComponent(importall) - .addGap(18, 18, 18) - .addComponent(Exportall)) - .addGroup(layout.createSequentialGroup() - .addComponent(self.timeperid) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(self.timerbox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(self.timeerror)) - .addGroup(layout.createSequentialGroup() - .addGap(138, 138, 138) - .addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addGap(31, 31, 31) - .addComponent(self.saveconfigbutton)) - .addGroup(layout.createSequentialGroup() - .addComponent(jLabel4) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(button2)))) - .addGroup(layout.createSequentialGroup() - .addGap(107, 107, 107) - .addComponent(self.Checklistfilepath)) - .addGroup(layout.createSequentialGroup() - .addGap(79, 79, 79) - .addComponent(Savechecklistfileconfig))) - .addContainerGap(128, Short.MAX_VALUE)) - ); + 
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addGap(26, 26, 26) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(AutologHeading1) + .addGap(125, 125, 125) + .addComponent(jSeparator3, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addComponent(oneclickimportexportHeading) + .addComponent(Singleclickfilename) + .addComponent(OneclickImportExportLabel) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel1) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING) + .addComponent(AutoloadChecklistHeading) + .addComponent(self.timeperid)) + .addComponent(jLabel4)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(button2) + .addGap(37, 37, 37) + .addComponent(self.Checklistfilepath)) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jButton1) + .addComponent(self.timerbox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(self.saveconfigbutton)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(self.timeerror) + .addComponent(self.autosavepath))) + .addComponent(jSeparator1, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE) + 
.addComponent(Savechecklistfileconfig) + .addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, False) + .addGroup(layout.createSequentialGroup() + .addComponent(Exportall) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(self.SingleclickexportMapper)) + .addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup() + .addComponent(importall) + .addGap(18, 18, 18) + .addComponent(self.SingleclickimportMapper))) + .addGroup(layout.createSequentialGroup() + .addComponent(AutologLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(self.AutoLoggingtoggle, javax.swing.GroupLayout.PREFERRED_SIZE, 65, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addGap(24, 24, 24) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(self.SingleclickimportVulnerabilities) + .addComponent(self.SingleclickexportVulnerabilities))) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(self.ToggleStatus)) + .addGroup(layout.createSequentialGroup() + .addGap(52, 52, 52) + .addComponent(Excludefilebutton))) + .addGap(45, 45, 45) + .addComponent(jSeparator5, javax.swing.GroupLayout.PREFERRED_SIZE, 12, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + 
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(self.AutoSaveErrorlabel) + .addComponent(AutoSaveLabel) + .addGroup(layout.createSequentialGroup() + .addComponent(self.AutoSavetoggle, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE) + .addGap(18, 18, 18) + .addComponent(self.AutoSaveToggleStatus)) + .addComponent(AutosaveHeading3))))) + .addGroup(layout.createSequentialGroup() + .addComponent(Excludefilelabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))) + .addGroup(layout.createSequentialGroup() + .addGap(35, 35, 35) + .addComponent(AutoSaveConfigHeading))) + .addContainerGap(133, Short.MAX_VALUE)) + ); layout.setVerticalGroup( - layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addContainerGap() - .addComponent(AutoSaveConfigHeading) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(jLabel1) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(jButton1) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(self.autosavepath) - .addGap(12, 12, 12) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(self.timeperid) - .addComponent(self.timerbox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) - .addComponent(self.timeerror)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(self.saveconfigbutton) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - 
.addComponent(jSeparator1, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE) - .addGap(16, 16, 16)) - .addComponent(AutoloadChecklistHeading, javax.swing.GroupLayout.Alignment.TRAILING)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel4) - .addComponent(button2)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(self.Checklistfilepath) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(Savechecklistfileconfig) - .addGap(3, 3, 3) - .addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(importall) - .addComponent(Exportall)) - .addGap(85, 85, 85)) - ); - - + layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addContainerGap() + .addComponent(AutoSaveConfigHeading) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(jLabel1) + .addComponent(jButton1) + .addComponent(self.autosavepath)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(self.timeperid) + .addComponent(self.timerbox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(self.timeerror)) + .addGap(18, 18, 18) + .addComponent(self.saveconfigbutton) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jSeparator1, 
javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE) + .addGap(2, 2, 2) + .addComponent(AutoloadChecklistHeading) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(jLabel4) + .addComponent(button2) + .addComponent(self.Checklistfilepath)) + .addGap(18, 18, 18) + .addComponent(Savechecklistfileconfig) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE) + .addGap(1, 1, 1) + .addComponent(oneclickimportexportHeading) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(OneclickImportExportLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(Singleclickfilename) + .addGap(18, 18, 18) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(importall) + .addComponent(self.SingleclickimportMapper) + .addComponent(self.SingleclickimportVulnerabilities)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(Exportall) + .addComponent(self.SingleclickexportMapper) + .addComponent(self.SingleclickexportVulnerabilities)) + .addGap(18, 18, 18) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(AutologHeading1) + .addComponent(AutosaveHeading3)) + .addComponent(jSeparator3, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)) + 
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(AutologLabel) + .addComponent(self.AutoLoggingtoggle, javax.swing.GroupLayout.PREFERRED_SIZE, 34, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(self.ToggleStatus)) + .addGap(18, 18, 18) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(Excludefilelabel) + .addComponent(Excludefilebutton)) + .addGap(0, 0, Short.MAX_VALUE)) + .addGroup(layout.createSequentialGroup() + .addGap(22, 22, 22) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(AutoSaveLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(self.AutoSavetoggle, javax.swing.GroupLayout.PREFERRED_SIZE, 38, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(self.AutoSaveToggleStatus)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(self.AutoSaveErrorlabel)) + .addComponent(jSeparator5, javax.swing.GroupLayout.PREFERRED_SIZE, 134, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addContainerGap(187, Short.MAX_VALUE)))) + ) + self.FourthTab.add(self.buttonPanel5)#,BorderLayout.NORTH) - #self.FourthTab.add(self.buttonPanel6, BorderLayout.PAGE_START) - #self.FourthTab.add(self.buttonPanel7,BoxLayout.Y_AXIS) + + # Loading auto save time,path and auto load checklist and auto log exclude files from burp config self.path = callbacks.loadExtensionSetting('path') self.time = callbacks.loadExtensionSetting('time') + self.loadexcludefiles = callbacks.loadExtensionSetting('excludefilestolog') 
self.checklistpath = callbacks.loadExtensionSetting('checklistpath') self.timerbox.setText(self.time) self.autosavepath.setText(self.path) self.callbacks.printOutput("\nAuto Save Time = " + self.time) self.callbacks.printOutput("Auto Save Path = " + self.path +"\n") + self.autoloadchecklist = 0 self.autosavelocation = 0 self.extensionload = True + + + # Validing the content og extension loaded config + if self.loadexcludefiles == None: + self.loadexcludefiles = "SCRIPT,JPEG,CSS,PNG,IMAGE,APP".upper() + else: + self.Excludefiletextfield.setText(self.loadexcludefiles) + if self.time == None: self.time = 1 self.timerbox.setText(str(self.time)) 
@@ -515,102 +647,98 @@ def registerExtenderCallbacks(self, callbacks): else: pass + + + # Loading the checkling if auto load checklist configured if self.checklistpath == None: self.callbacks.printOutput(str(self.checklistpath)) self.Checklistfilepath.setText("Select the Checklist file") else: - # pass - - #if not self.checklistpath == None: self.comboBox.removeAllItems() self.comboBox.addItem(None) self.dataModel.setRowCount(0) - with open(self.checklistpath, 'rb') as f: reader2 = csv.reader(f, delimiter=',') - #self.data1 = list(reader) for rows in reader2: SR = rows[0] title = rows[1] obj = [SR,title] - #checklistlog.append(title) - #rowsss = self.dataModel.getRowCount() - #self.callbacks.printOutput(str(rowsss)) self.dataModel.addRow(obj) self.comboBox.addItem(str(title)) + self.combolist.append(str(title)) f.close() self.Checklistfilepath.setText(self.checklistpath) + + + + + # Validating if extension is unloaded to stop all running process ( Auto Save and Auto Log) + def extensionUnloaded(self): + self.extensionload = False + self.Autosavechecker = False + self.Autologcheck = False + + + # Listner to validate if auto Log is on or off + def AutoLogtogglelistener(self,e): + self.AutoLoggingtoggle = e.getItem() + if self.AutoLoggingtoggle.isSelected(): + self.AutoLoggingtoggle.setText("OFF") + self.AutoLoggingtoggle.setBackground(Color(255, 255, 255)) + self.ToggleStatus.setText("Current Status: ON") + self.Autologcheck = True + self.callbacks.registerProxyListener(Autologclas(self)) + #Autologclas(self) + + else: + self.AutoLoggingtoggle.setText("ON") + self.AutoLoggingtoggle.setBackground(Color(128, 128, 128)) + self.ToggleStatus.setText("Current Status: OFF") + self.Autologcheck = False + self.callbacks.removeProxyListener(Autologclas(self)) - #while self.extensionload == True: - #self.t = Timer(int(self.time) * 60, self.timer) - #self.t.start() - #self.t.join() + # Listner to validate if auto Save is on or off + def AutoSavetogglelistener(self, e): + 
self.AutoSavetoggle = e.getItem() + t = Autosaveclas(self) + #p = multiprocessing.Process(target=t.run) - #def timer(self): - - #self.callbacks.printOutput(str(self.extensionUnloaded)) - while self.extensionload == True: - if os.path.isdir(str(self.path)): - if self.logTable.getRowCount() > 0: - #self.path = fileLoad.getPath() - fname = "APIMapper"+"."+"csv" - fnameWithPath = os.path.join(self.path,fname) - if os.path.exists(fnameWithPath): - os.remove(fnameWithPath) - self.callbacks.printOutput("Saving the API Mapper output") - with open(fnameWithPath, 'wb') as loggerdata: - writer = csv.writer(loggerdata) - for logEntry in self._log: - - #self.callbacks.printOutput(str(logEntry._sr)) - writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip()]) - loggerdata.close() + if self.AutoSavetoggle.isSelected(): + if not os.path.isdir(str(self.path)): + self.AutoSavetoggle.setBackground(Color(128, 128, 128)) + self.AutoSaveErrorlabel.setText("Auto Save Requires Auto Save Config with Valid Directory Selected") + self.Autosavechecker = False else: - self.callbacks.printOutput("Skipping the API Mapper, Table is empty") - if self.dataModel2.getRowCount() > 0: + + self.AutoSavetoggle.setText("OFF") + self.AutoSavetoggle.setBackground(Color(255, 255, 255)) + self.AutoSaveToggleStatus.setText("Current Status: ON") + self.AutoSaveErrorlabel.setText("") - fname2 = "Vulnerability"+"."+"csv" - fnameWithPath2 = os.path.join(self.path,fname2) - if os.path.exists(fnameWithPath2): - os.remove(fnameWithPath2) - self.callbacks.printOutput("Saving the Vulnerability output") - totalrow = self.dataModel2.getRowCount() - with open(fnameWithPath2, 'wb') as vulnerabilitydata: - writer = csv.writer(vulnerabilitydata) - for row in range (0, totalrow): - url = self.dataModel2.getValueAt(row,0) - paramter = 
self.dataModel2.getValueAt(int(row),1) - Vulnerability = self.dataModel2.getValueAt(int(row),2) - Severity = self.dataModel2.getValueAt(int(row),3) - #self.callbacks.printOutput(str(url)) - - #self.callbacks.printOutput(str(logEntry._sr)) - writer.writerow([str(url), str(paramter) ,str(Vulnerability),str(Severity)]) - vulnerabilitydata.close() - else: - self.callbacks.printOutput("Skipping the Vulnerability, Table is empty") - else: - self.autosavepath.setText("Output Directory doesn't exist") - time.sleep(int(self.time) * 60) - + self.Autosavechecker = True + t.start() - def extensionUnloaded(self): - self.extensionload = False - #self.t.cancel() + else: + self.AutoSavetoggle.setText("ON") + self.AutoSaveToggleStatus.setText("Current Status: OFF") + self.AutoSavetoggle.setBackground(Color(128, 128, 128)) + self.AutoSaveErrorlabel.setText("") + self.Autosavechecker = False + t.stop() + + # Import All data if Import button clicked from config Tab def autoimportall(self,e): if os.path.isdir(str(self.path)): fname = "APIMapper"+"."+"csv" fnameWithPath = os.path.join(self.path,fname) if os.path.exists(fnameWithPath): with open(fnameWithPath, 'rb') as f: - reader2 = csv.reader(f, delimiter=',') - for rows in reader2: SR = rows[0] url = rows[1] 
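Review bot: In `AutoLogtogglelistener` the OFF branch calls `self.callbacks.removeProxyListener(Autologclas(self))` on a freshly built object, so the listener registered in the ON branch is never the one removed, and each ON toggle registers one more. Unless `Autologclas` itself checks `Autologcheck` (its body is not in this hunk), proxy traffic keeps being logged after the user switches logging off. Keep a single instance, e.g. `self._autolog = Autologclas(self)` followed by `self.callbacks.registerProxyListener(self._autolog)`, and pass that same object to `removeProxyListener`. `AutoSavetogglelistener` has the same shape: `t = Autosaveclas(self)` is created per event, so `t.stop()` in the OFF branch acts on a thread that was never started.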
@@ -619,48 +747,47 @@ def autoimportall(self,e): functionname = rows[4] request = rows[5] testcases = rows[6] - try: response = rows[7] + status = rows[8] except IndexError: response = None - - self._log.append(LogEntry(SR,url, method,body,request,functionname,testcases,response)) - #self.fireTableRowsInserted(row, row) - #self.callbacks.printOutput(str(len(self._log))) + status = None + self._log.append(LogEntry(SR,url, method,body,request,functionname,testcases,response,status)) + f.close() self.fireTableDataChanged() + self.SingleclickimportMapper.setText("API Mapper Import Completed") fname2 = "Vulnerability"+"."+"csv" fnameWithPath2 = os.path.join(self.path,fname2) if os.path.exists(fnameWithPath2): with open(fnameWithPath2, 'rb') as f: reader2 = csv.reader(f, delimiter=',') - #self.data1 = list(reader) for rows in reader2: URL = rows[0] Parameter = rows[1] Vulnerability = rows[2] - try: Severity = rows[3] except IndexError: Severity = None obj = [URL,Parameter,Vulnerability,Severity] - - self.dataModel2.addRow(obj) - + self.dataModel2.addRow(obj) f.close() - - + self.SingleclickimportVulnerabilities.setText("Vulnerabilities Import Completed") else: self.autosavepath.setText("Output Directory doesn't exist") + self.SingleclickimportVulnerabilities.setText("Vulnerabilities Import Failed") + self.SingleclickimportMapper.setText("API Mapper Import Failed") + + + # Export All data if Export button clicked from config Tab def autoexportall(self,e): if os.path.isdir(str(self.path)): if self.logTable.getRowCount() > 0: - #self.path = fileLoad.getPath() fname = "APIMapper"+"."+"csv" fnameWithPath = os.path.join(self.path,fname) if os.path.exists(fnameWithPath): 
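Review bot: In `autoimportall`, `response = rows[7]` and `status = rows[8]` share one `try`, so a file with eight columns (the layout written before the status column was added) raises `IndexError` on `rows[8]` and the handler then resets `response` to `None` as well. Importing an export made before this change therefore drops every stored response. Read the two columns independently: `response = rows[7] if len(rows) > 7 else None` and `status = rows[8] if len(rows) > 8 else None`. The `importlogger` hunk further down carries the same pair of lines, and `autoimportall` itself starts outside this hunk.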
@@ -669,12 +796,13 @@ def autoexportall(self,e): with open(fnameWithPath, 'wb') as loggerdata: writer = csv.writer(loggerdata) for logEntry in self._log: - - #self.callbacks.printOutput(str(logEntry._sr)) - writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip()]) + writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip(),str(logEntry._status)]) loggerdata.close() + self.SingleclickexportMapper.setText("API Mapper Export Completed") else: self.callbacks.printOutput("Skipping the API Mapper, Table is empty") + self.callbacks.printOutput("Sourav") + self.SingleclickexportMapper.setText("API Mapper Export Failed. Empty Table") if self.dataModel2.getRowCount() > 0: fname2 = "Vulnerability"+"."+"csv" 
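Review bot: The new `writerow` in `autoexportall` still calls `(logEntry._response).encode('utf-8')`, while the import paths in this commit store `response = None` when the column is missing, so exporting such an entry raises `AttributeError` partway through the file unless `LogEntry` normalises the value (not visible here). Guard it with `(logEntry._response or '').encode('utf-8').strip()`. The added `self.callbacks.printOutput("Sourav")` looks like leftover debug output and should be removed. The function body starts and ends outside this hunk.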
@@ -690,33 +818,39 @@ def autoexportall(self,e): paramter = self.dataModel2.getValueAt(int(row),1) Vulnerability = self.dataModel2.getValueAt(int(row),2) Severity = self.dataModel2.getValueAt(int(row),3) - #self.callbacks.printOutput(str(url)) - - #self.callbacks.printOutput(str(logEntry._sr)) writer.writerow([str(url), str(paramter) ,str(Vulnerability),str(Severity)]) vulnerabilitydata.close() + self.SingleclickexportVulnerabilities.setText("Vulnerabilities Export Completed") else: self.callbacks.printOutput("Skipping the Vulnerability, Table is empty") + self.SingleclickexportVulnerabilities.setText("Vulnerabilities Export Failed. Empty Table") else: self.autosavepath.setText("Output Directory doesn't exist") + self.SingleclickexportVulnerabilities.setText("Vulnerabilities Export Failed") + SingleclickexportMapper.setText("API Mapper Export Failed") + # Listner if Save button clicked from config tab to modify the auto log excluded files + def excludefilebuttonclick(self,e): + #Excludefiletextfield.getText() + self.callbacks.saveExtensionSetting("excludefilestolog", self.Excludefiletextfield.getText().upper()) + self.Excludefiletextfield.setText(self.Excludefiletextfield.getText().upper()) + - def Autosavepath(self,e): - chooseFile = swing.JFileChooser() - chooseFile.setFileSelectionMode(swing.JFileChooser.DIRECTORIES_ONLY) - returnedFile = chooseFile.showDialog(self.buttonPanel4, "Output Path") + #Allowing users to select the auto save DIRECTORIES + def Autosavepath(self,e): + chooseFile = JFileChooser() + chooseFile.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY) + returnedFile = chooseFile.showDialog(self.VulnerabilityButtonPanel, "Output Path") if returnedFile == JFileChooser.APPROVE_OPTION: fileLoad1 = chooseFile.getSelectedFile() self.autosavelocation = fileLoad1.getPath() - #self.callbacks.printOutput(str(self.filepath2)) return str(self.autosavelocation) - + # Allowing users to select the checklist CSV file to auto load it everytime extension is 
reloaded def Autosavepath2(self,e): - chooseFile = JFileChooser() filter = FileNameExtensionFilter("csv files", ["csv"]) chooseFile.addChoosableFileFilter(filter) @@ -727,13 +861,11 @@ def Autosavepath2(self,e): self.autoloadchecklist = fileLoad.getAbsolutePath() return str(self.autoloadchecklist) + + # Allowing users to set auto save time def saveautoconfigdata(self,e): - #path = self.Autosavepath - #self.callbacks.printOutput(str(path)) - if self.autoloadchecklist == 0: self.autoloadchecklist = None - if self.autosavelocation == 0: if str(self.timerbox.getText()) == "0": self.timeerror.setText("Invalid time") 
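Review bot: The final `else` branch of `autoexportall` calls `SingleclickexportMapper.setText("API Mapper Export Failed")` without `self.`, so when the output directory is missing the handler most likely raises `NameError` instead of showing the failure label. It should read `self.SingleclickexportMapper.setText("API Mapper Export Failed")`, matching the `self.SingleclickexportVulnerabilities` line just above it. `autoexportall` begins outside this hunk.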
@@ -753,37 +885,21 @@ def saveautoconfigdata(self,e): else: - #self.t.cancel() - #self.t.join() - #self.callbacks.printOutput(str(self.autosavelocation)) - #self.callbacks.printOutput(str(self.autoloadchecklist)) - #self.callbacks.printOutput(str(self.timerbox.getText())) - self.callbacks.saveExtensionSetting("path", str(self.autosavelocation)) self.callbacks.saveExtensionSetting("time", self.timerbox.getText()) - #self.callbacks.saveExtensionSetting("checklistpath", str(self.autoloadchecklist)) self.autosavepath.setText(str(self.autosavelocation)) self.path = self.callbacks.loadExtensionSetting('path') self.time = self.callbacks.loadExtensionSetting('time') - - #time.sleep(5) - #runnig = self.t.is_alive() - #self.callbacks.printOutput(str(runnig)) - #if self.t.finished: + - #self.t.start() + # Allow users to save the auto load checklist path def saveautoconfigdata2(self,e): if self.autoloadchecklist == 0: - self.Checklistfilepath.setText("Select the checklist file") - + self.Checklistfilepath.setText("Select the checklist file") else: self.callbacks.saveExtensionSetting("checklistpath", str(self.autoloadchecklist)) self.Checklistfilepath.setText(self.autoloadchecklist) self.Checklistfilepath.setText(str(self.autoloadchecklist)) - - #self.Checklistfilepath.setForeground(Color(209, 6, 6)) - - # this will send the selected row in api mapper to vulnerability tab @@ -797,10 +913,8 @@ def sendVulnItem(self,event): # function will handle to send the selected row to repeater def sendRepeaterItem(self,event): - row = self.logTable.getSelectedRows() - + row = self.logTable.getSelectedRows() for rows in row: - #self.callbacks.printOutput(str(rows)) logEntry = self._log[rows] fullurl = logEntry._url url = urlparse(str(fullurl)) 
@@ -815,29 +929,29 @@ def sendRepeaterItem(self,event): self.callbacks.sendToRepeater(hostname,port, False, request, func) - # function will handle, delete the row from api mapper - def deleterow(self,event): - - + def deleterow(self,event): row = self.logTable.getSelectedRows() for rows in row: - #logEntry = self._log[rows] self._log.pop(rows) self.fireTableDataChanged() - #totalrow = self.logTable.getRowCount() - #self.callbacks.printOutput(str(totalrow)) - + # delete row from the vulnerability table def deletevuln(self,e): totalvulnrows = self.table3.getSelectedRows() - #self.callbacks.printOutput(str(totalvulnrows)) for rows in totalvulnrows: - #self.callbacks.printOutput(str(rows)) self.dataModel2.removeRow(rows) - + # allow users to search vulnerablity from select vulnerablity list in vulnerability table + def seachincombobox(self,event): + Combo = event.getSource() + searchedvalue = Combo.getSelectedItem() + self.comboBox.removeAllItems() + self.comboBox.addItem(None) + for items in self.combolist: + if searchedvalue in items: + self.comboBox.addItem(items) # part of custom table model to get total number of row in the table, it will check the data in the list amd will return when called def getRowCount(self): @@ -848,7 +962,7 @@ def getRowCount(self): # this is required to work with AbstractTableModel, this will show return the total columns in API Mapper def getColumnCount(self): - return 5 + return 6 # this is required to work with AbstractTableModel, this will show the columns Name for API Mapper table def getColumnName(self, columnIndex): 
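Review bot: `seachincombobox` evaluates `searchedvalue in items` with whatever `Combo.getSelectedItem()` returns, and the combo box always carries a `None` entry (`self.comboBox.addItem(None)`), so selecting the blank row raises `TypeError`. Treating no selection as an empty search keeps the full list available: `searchedvalue = Combo.getSelectedItem() or ""`. It is also worth confirming that `self.comboBox.removeAllItems()` does not re-fire this same listener, which cannot be told from the hunk.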
@@ -862,16 +976,16 @@ def getColumnName(self, columnIndex): return "Post Body" if columnIndex == 4: return "Functionality Name" + if columnIndex == 5: + return "Status" return "" # this is required to work with AbstractTableModel, this will show the data in the columns from the list for API Mapper table def getValueAt(self, rowIndex, columnIndex): self.totalrow = self.logTable.getRowCount() if rowIndex < self.getRowCount() and columnIndex < self.getColumnCount(): - logEntry = self._log[rowIndex] if columnIndex == 0: - #return logEntry._sr return str(rowIndex + 1) if columnIndex == 1: return logEntry._url @@ -881,6 +995,8 @@ def getValueAt(self, rowIndex, columnIndex): return logEntry._postbody if columnIndex == 4: return logEntry._FunctionalityName + if columnIndex == 5: + return logEntry._status return "" else: self.callbacks.printError("Table is empty") 
@@ -891,30 +1007,25 @@ def getValueAt(self, rowIndex, columnIndex): ''' def setValueAt(self, value, rowIndex, columnIndex): - - if rowIndex < self.getRowCount() and columnIndex < self.getColumnCount(): + + if rowIndex < self.getRowCount() and columnIndex == 4: logEntry = self._log[rowIndex] logEntry._FunctionalityName = value - else: - self.callbacks.printError("Table is empty") - - '''' - def getHttpService(self): - return self._currentlyDisplayedItem.getHttpService() - def getRequest(self): - return self._currentlyDisplayedItem.getRequest() + if rowIndex < self.getRowCount() and columnIndex == 5: + logEntry = self._log[rowIndex] + logEntry._status = value - def getResponse(self): - return self._currentlyDisplayedItem.getResponse() - ''' + else: + self.callbacks.printError("Table is empty") + #function that will show a option to send request to extension in proxy/repeater etc def createMenuItems(self, invocation): ctx = invocation.getInvocationContext() menu = [] - menu.append(swing.JMenuItem("Send To API Mapper", None,actionPerformed=lambda x, inv=invocation: self.getTabledataa(inv))) - menu.append(swing.JMenuItem("Send To Vulnerability", None,actionPerformed=lambda x, inv=invocation: self.getVulnerabilitydataa(inv))) + menu.append(JMenuItem("Send To API Mapper", None,actionPerformed=lambda x, inv=invocation: self.getTabledataa(inv))) + menu.append(JMenuItem("Send To Vulnerability", None,actionPerformed=lambda x, inv=invocation: self.getVulnerabilitydataa(inv))) if menu == []: return 
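Review bot: In `setValueAt` the trailing `else` appears to pair only with the `columnIndex == 5` test (indentation is lost in this view), so every successful edit of column 4 also reaches `self.callbacks.printError("Table is empty")`. Making the second test an `elif` keeps the error for the real out-of-range case: `elif rowIndex < self.getRowCount() and columnIndex == 5:`. The message is also misleading when the table has rows but the column is not editable, so a text such as "Cell is not editable" would describe the case better.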
@@ -935,31 +1046,23 @@ def getVulnerabilitydataa(self,invocation): # function will be called when user send any request to the extension, function will get the required data from the request that is send and will add it to the list def getTabledataa(self, invocation): reqRes = invocation.getSelectedMessages() - #requestss = IHttpService() for items in reqRes: req = self.helpers.analyzeRequest(items) self.method = req.getMethod() - #url = req.url paramter = req.getParameters() - domainame = items.getHost() # - workings - portnumer = items.getPort() # workings - protocol = items.getProtocol() # workings self.url = items.getUrl() gettingrequest = items.getRequest() self.requestinst = self.helpers.bytesToString(gettingrequest) self.responseinbytes = items.getResponse() self.responseinst = self.helpers.bytesToString(self.responseinbytes) - #requestdetails = req.getRequest() getody = req.getBodyOffset() self.body = self.requestinst[getody:len(self.requestinst)] - - rowss = self.logTable.getRowCount() self.sr2 = str((rowss + 1)) self._lock.acquire() row = len(self._log) column = self.logTable.getColumnCount() - self._log.append(LogEntry(self.sr2, self.url, self.method, self.body, self.requestinst, '', '', self.responseinst)) + self._log.append(LogEntry(self.sr2, self.url, self.method, self.body, self.requestinst, '', '', self.responseinst, '')) self.fireTableRowsInserted(row, row) self._lock.release() 
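Review bot: `getTabledataa` brackets the append with `self._lock.acquire()` and `self._lock.release()` without `try`/`finally`, so an exception from `LogEntry(...)` or `fireTableRowsInserted` leaves the lock held and blocks every later caller that takes it. Wrap the append and the fire call in `with self._lock:` (assuming `_lock` is a `threading.Lock`, which this hunk does not show). Separately, `items.getResponse()` is passed straight to `bytesToString`; a message sent from the context menu before a response exists would need a `None` check there.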
@@ -971,37 +1074,23 @@ def getTabCaption(self): # Returning the UI to the extension tab - Returning the new taB insite the extension tab def getUiComponent(self): - #return self.tab return self.tabbedPane # function will export the table data when clicked on save button in api mapper tab def savelogger(self,e): currenttime = str(time.strftime('%Y-%m-%d,%H:%M:%S', time.localtime(time.time()))) - chooseFile = swing.JFileChooser() - chooseFile.setFileSelectionMode(swing.JFileChooser.DIRECTORIES_ONLY) - returnedFile = chooseFile.showDialog(self.buttonPanel2, "Output Path") - - ''' - filter = FileNameExtensionFilter("csv files", ["csv"]) - chooseFile.addChoosableFileFilter(filter) - returnedFile = chooseFile.showDialog(self.buttonPanel2, "Choose File") - ''' - - - + chooseFile = JFileChooser() + chooseFile.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY) + returnedFile = chooseFile.showDialog(self.APIMapperButtonPanel, "Output Path") if returnedFile == JFileChooser.APPROVE_OPTION: fileLoad = chooseFile.getSelectedFile() - #self.filepath = fileLoad.getAbsolutePath() self.filepath = fileLoad.getPath() fname = "APIMapper"+str(time.time())+"."+"csv" fnameWithPath = os.path.join(self.filepath,fname) - with open(fnameWithPath, 'wb') as loggerdata: writer = csv.writer(loggerdata) for logEntry in self._log: - - #self.callbacks.printOutput(str(logEntry._sr)) - writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip()]) + writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip(),str(logEntry._status)]) loggerdata.close() 
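Review bot: `savelogger` writes URL, body, request and response text taken from proxied traffic straight into CSV cells, so a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the export is opened in a spreadsheet application. That content is controlled by the application under test, so neutralise it on write, for example with a small helper that returns `"'" + text` when `text[:1] in ('=', '+', '-', '@')`, and strip that prefix again on import so round trips stay lossless. The same applies to the `writerow` calls in `autoexportall` and `exportvulnerability`.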
@@ -1010,14 +1099,12 @@ def importlogger(self,e): chooseFile = JFileChooser() filter = FileNameExtensionFilter("csv files", ["csv"]) chooseFile.addChoosableFileFilter(filter) - ret = chooseFile.showDialog(self.tab, "Choose file") if ret == JFileChooser.APPROVE_OPTION: fileLoad = chooseFile.getSelectedFile() self.filepath = fileLoad.getAbsolutePath() with open(self.filepath, 'rb') as f: reader2 = csv.reader(f, delimiter=',') - for rows in reader2: SR = rows[0] url = rows[1] @@ -1028,11 +1115,11 @@ def importlogger(self,e): testcases = rows[6] try: response = rows[7] + status = rows[8] except IndexError: response = None - self._log.append(LogEntry(SR,url, method,body,request,functionname,testcases,response)) - #self.fireTableRowsInserted(row, row) - #self.callbacks.printOutput(str(len(self._log))) + status = None + self._log.append(LogEntry(SR,url, method,body,request,functionname,testcases,response,status)) f.close() self.fireTableDataChanged() @@ -1042,8 +1129,7 @@ def searchinchecklist(self,e): checklistsearchstring = self.searchchecklist.getText() if checklistsearchstring == "": self.sorter.setRowFilter(None) - else: - + else: self.sorter.setRowFilter(RowFilter.regexFilter("(?i)" + checklistsearchstring)); @@ -1053,7 +1139,6 @@ def searchinapimapper(self,e): if apimappersearchstring == "": self.sorter2.setRowFilter(None) else: - self.sorter2.setRowFilter(RowFilter.regexFilter("(?i)" + apimappersearchstring)); ## Search text in APIMapper tab 
@@ -1062,19 +1147,14 @@ def searchinvulnerability(self,e): if vulnerabilitysearchstring == "": self.sorter3.setRowFilter(None) else: - self.sorter3.setRowFilter(RowFilter.regexFilter("(?i)" + vulnerabilitysearchstring)); - - #Function that will be called when user click on import in checklist tab - def importchecklist(self, e): - + def importchecklist(self, e): chooseFile = JFileChooser() filter = FileNameExtensionFilter("csv files", ["csv"]) - chooseFile.addChoosableFileFilter(filter) - + chooseFile.addChoosableFileFilter(filter) ret = chooseFile.showDialog(self.tab, "Choose file") if ret == JFileChooser.APPROVE_OPTION: fileLoad = chooseFile.getSelectedFile() @@ -1084,28 +1164,21 @@ def importchecklist(self, e): self.dataModel.setRowCount(0) with open(self.filepath, 'rb') as f: reader2 = csv.reader(f, delimiter=',') - #self.data1 = list(reader) for rows in reader2: SR = rows[0] title = rows[1] obj = [SR,title] - #checklistlog.append(title) - #rowsss = self.dataModel.getRowCount() - #self.callbacks.printOutput(str(rowsss)) self.dataModel.addRow(obj) self.comboBox.addItem(str(title)) + self.combolist.append(str(title)) f.close() - - - - # creating a function that will be called when user clicks on the create button this function will show the input field in UI for checklist taB def createtestcases(self, e): self.textfield1 = JTextField('', 15) self.buttonPanel.add(self.textfield1) - self.buttonPanel.add(swing.JButton( + self.buttonPanel.add(JButton( "Submit", actionPerformed=self.addrow)) self.buttonPanel.add(Box.createVerticalGlue()) 
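Review bot: `importchecklist` appends every title to `self.combolist` but nothing visible clears that list, while the table is reset with `self.dataModel.setRowCount(0)` just above; a second import leaves the previous checklist's titles in `combolist`, and `seachincombobox` will then offer entries that are no longer in the table. Reset it alongside the table with `self.combolist = []`. `rows[0]` and `rows[1]` also raise `IndexError` on a blank or one-column line in the chosen file, so an `if len(rows) < 2: continue` guard at the top of the loop would make the import tolerant of imperfect CSVs. The function starts in the previous hunk.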
@@ -1114,14 +1187,11 @@ def addrow(self, e): rowsss = self.dataModel.getRowCount() sr = (rowsss + 1) title = self.value = self.textfield1.getText() - obj = [sr, title] - #checklistlog.append(title) + obj = [sr, title] self.comboBox.addItem(str(title)) - #ChecklistLogEntry + self.combolist.append(str(title)) self.dataModel.addRow(obj) if not self.checklistpath == None: - - # Writing the new entry in file with open(self.checklistpath, 'a') as writechecklist: writer = csv.writer(writechecklist) @@ -1131,8 +1201,6 @@ def addrow(self, e): self.callbacks.printOutput("Auto add to csv file only work if auto checklist load is configured") - - # function to handel event when save button clicked on test cases def SaveTestCases(self,e): selectedrow = self.logTable.getSelectedRow() @@ -1146,15 +1214,9 @@ def SaveTestCases(self,e): def exportvulnerability(self,e): totalrow = self.dataModel2.getRowCount() self.callbacks.printOutput(str(totalrow)) - - chooseFile = swing.JFileChooser() - - chooseFile.setFileSelectionMode(swing.JFileChooser.DIRECTORIES_ONLY) - returnedFile = chooseFile.showDialog(self.buttonPanel4, "Output Path") - #filter = FileNameExtensionFilter("csv files", ["csv"]) - #chooseFile.addChoosableFileFilter(filter) - #returnedFile = chooseFile.showDialog(self.buttonPanel4, "Choose File") - + chooseFile = JFileChooser() + chooseFile.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY) + returnedFile = chooseFile.showDialog(self.VulnerabilityButtonPanel, "Output Path") if returnedFile == JFileChooser.APPROVE_OPTION: fileLoad1 = chooseFile.getSelectedFile() self.filepath2 = fileLoad1.getPath() 
@@ -1169,9 +1231,6 @@ def exportvulnerability(self,e): paramter = self.dataModel2.getValueAt(int(row),1) Vulnerability = self.dataModel2.getValueAt(int(row),2) Severity = self.dataModel2.getValueAt(int(row),3) - #self.callbacks.printOutput(str(url)) - - #self.callbacks.printOutput(str(logEntry._sr)) writer.writerow([str(url), str(paramter) ,str(Vulnerability),str(Severity)]) vulnerabilitydata.close() @@ -1182,13 +1241,11 @@ def importvulnerability(self,e): chooseFile = JFileChooser() filter = FileNameExtensionFilter("csv files", ["csv"]) chooseFile.addChoosableFileFilter(filter) - ret = chooseFile.showDialog(self.tab, "Choose file") if ret == JFileChooser.APPROVE_OPTION: fileLoad = chooseFile.getSelectedFile() self.filepath = fileLoad.getAbsolutePath() - #self.dataModel2.setRowCount(0) with open(self.filepath, 'rb') as f: reader2 = csv.reader(f, delimiter=',') #self.data1 = list(reader) @@ -1200,16 +1257,11 @@ def importvulnerability(self,e): Severity = rows[3] except IndexError: Severity = None - obj = [URL,Parameter,Vulnerability,Severity] - self.dataModel2.addRow(obj) - f.close() - - # extending the default table model to remove the editable column from the checklist taB table class CustomDefaultTableModelHosts(DefaultTableModel): @@ -1228,10 +1280,6 @@ def isCellEditable(self, row, column): else: return 1 - - - - # Extedning the JTable for API Mapper TaB class Table(JTable): def __init__(self, extender): 
@@ -1240,46 +1288,98 @@ def __init__(self, extender): self.setRowSelectionAllowed(True) self.setAutoCreateRowSorter(True) - #self._txtInput = self._extender._txtInput - - - #self.setColumnSelectionAllowed(True) # Only last colum is allowed for editing def isCellEditable(self, row, column): - if column == 4: + if column == 4 or 5: return 1 else: return 0 # function that will change the request and test case for selected row def changeSelection(self, row, col, toggle, extend): - self.modelRowIndex = self.convertRowIndexToModel(row) - #self._extender.callbacks.printOutput(str(self.modelRowIndex)) - - # show the log entry for the selected row - #self._extender.getRowSorter().convertRowIndexToModel(row) + self.modelRowIndex = self.convertRowIndexToModel(row) self._extender._currentlySelectedLogTableRow = self.modelRowIndex logEntry = self._extender._log[int(self.modelRowIndex)] - #logEntry = self._extender._log[row] - #self._extender.requestViewer.setMessage(gettingrequest, True) self._extender.requestViewer.setMessage( logEntry._requestResponse, True) self._extender.responseViewer.setMessage( logEntry._response, True) text = logEntry._TestCases self._extender.testcases.setText(logEntry._TestCases) - - - #self._extender._responseViewer.setMessage(logEntry._requestResponse.getResponse(), False) self._extender._currentlyDisplayedItem = logEntry._requestResponse JTable.changeSelection(self, row, col, toggle, extend) + +##Class to handle auto save +class Autosaveclas(Thread): + def __init__(self,handlingoutput): + self._handlingoutput = handlingoutput + + Thread.__init__(self) + self._stop = Event() + + def run(self): + + #self._handlingoutput = handlingoutput + while not self.stopped(): + if self._handlingoutput.Autosavechecker == True: + + if os.path.isdir(str(self._handlingoutput.path)): + + if self._handlingoutput.logTable.getRowCount() > 0: + #self.path = fileLoad.getPath() + fname = "APIMapper"+"."+"csv" + fnameWithPath = os.path.join(self._handlingoutput.path,fname) 
+ if os.path.exists(fnameWithPath): + os.remove(fnameWithPath) + self._handlingoutput.callbacks.printOutput("Saving the API Mapper output") + with open(fnameWithPath, 'wb') as loggerdata: + writer = csv.writer(loggerdata) + for logEntry in self._handlingoutput._log: + + #self.callbacks.printOutput(str(logEntry._sr)) + writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases),(logEntry._response).encode('utf-8').strip(),str(logEntry._status)]) + loggerdata.close() + else: + self._handlingoutput.callbacks.printOutput("Skipping the API Mapper, Table is empty") + if self._handlingoutput.dataModel2.getRowCount() > 0: + fname2 = "Vulnerability"+"."+"csv" + fnameWithPath2 = os.path.join(self._handlingoutput.path,fname2) + if os.path.exists(fnameWithPath2): + os.remove(fnameWithPath2) + self._handlingoutput.callbacks.printOutput("Saving the Vulnerability output") + totalrow = self._handlingoutput.dataModel2.getRowCount() + with open(fnameWithPath2, 'wb') as vulnerabilitydata: + writer = csv.writer(vulnerabilitydata) + for row in range (0, totalrow): + url = self._handlingoutput.dataModel2.getValueAt(row,0) + paramter = self._handlingoutput.dataModel2.getValueAt(int(row),1) + Vulnerability = self._handlingoutput.dataModel2.getValueAt(int(row),2) + Severity = self._handlingoutput.dataModel2.getValueAt(int(row),3) + #self.callbacks.printOutput(str(url)) + + #self.callbacks.printOutput(str(logEntry._sr)) + writer.writerow([str(url), str(paramter) ,str(Vulnerability),str(Severity)]) + vulnerabilitydata.close() + else: + self._handlingoutput.callbacks.printOutput("Skipping the Vulnerability, Table is empty") + else: + self._handlingoutput.autosavepath.setText("Output Directory doesn't exist") + time.sleep(int(self._handlingoutput.time) * 60) + + def stop(self): + self._stop.set() + + def stopped(self): + return self._stop.isSet() + + + #logger 
entry <- Class based python list to store the data for API Mapper tab/tabble class LogEntry: - def __init__(self, sr, url, method, postbody, requestResponse, FunctionalityName, TestCases, response): - #self._tool = 'hdh' + def __init__(self, sr, url, method, postbody, requestResponse, FunctionalityName, TestCases, response, status): self._sr = sr self._url = url self._method = method 
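Review bot: `if column == 4 or 5:` in `Table.isCellEditable` is always true, because Python reads it as `(column == 4) or 5` and `5` is truthy, so every column of the table becomes editable rather than only columns 4 and 5. The intended test is `if column in (4, 5):`, and the comment above it ("Only last colum is allowed for editing") should be updated to name both columns. In the new `Autosaveclas.run`, `time.sleep(int(self._handlingoutput.time) * 60)` means `stop()` has no effect until the interval has elapsed; `self._stop.wait(int(self._handlingoutput.time) * 60)` would return as soon as the event is set. The same loop iterates `self._handlingoutput._log` without taking the `_lock` that `Autologclas` holds while appending, so a save can overlap an insert. The hunk starts inside `Table.__init__` and ends inside `LogEntry.__init__`.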
@@ -1288,6 +1388,47 @@ def __init__(self, sr, url, method, postbody, requestResponse, FunctionalityName self._FunctionalityName = FunctionalityName self._TestCases = TestCases self._response = response + self._status = status + +# Class to handle auto log requests from proxy +class Autologclas(IProxyListener): + def __init__(self,handlingoutput): + self._handlingoutput = handlingoutput + #self._handlingoutput.callbacks.registerHttpListener(self) + + def processProxyMessage(self,messageIsRequest, message): -#schedule.every(15).minutes.do(BurpExtender.trying) + if self._handlingoutput.Autologcheck == True: + if not messageIsRequest: + if self._handlingoutput.callbacks.isInScope(self._handlingoutput.helpers.analyzeRequest(message.getMessageInfo()).getUrl()): + + req = self._handlingoutput.helpers.analyzeRequest(message.getMessageInfo()) + self.url = self._handlingoutput.helpers.analyzeRequest(message.getMessageInfo()).getUrl() + response = message.getMessageInfo().getResponse() + responseInfo = self._handlingoutput.helpers.analyzeResponse(response) + + # Find out if image + self.responsetype = responseInfo.getInferredMimeType() + self.responsetype2 = responseInfo.getStatedMimeType() + self.exludelist = self._handlingoutput.Excludefiletextfield.getText().split(",") + + if (self.responsetype.upper() not in self.exludelist) and (self.responsetype2.upper() not in self.exludelist): + #if self.responsetype.upper() not in self.exludelist: + + self.method = req.getMethod() + self.requestinst = self._handlingoutput.helpers.bytesToString(message.getMessageInfo().getRequest()) + getody = req.getBodyOffset() + self.body = self.requestinst[getody:len(self.requestinst)] + self.responseinst = self._handlingoutput.helpers.bytesToString(message.getMessageInfo().getResponse()) + rowss = self._handlingoutput.logTable.getRowCount() + self.sr2 = str((rowss + 1)) + + self._handlingoutput._lock.acquire() + row = len(self._handlingoutput._log) + 
self._handlingoutput._log.append(LogEntry(self.sr2, self.url, self.method, self.body, self.requestinst, '', '', self.responseinst)) + self._handlingoutput.fireTableRowsInserted(row, row) + self._handlingoutput._lock.release() + + else: + self._handlingoutput.callbacks.removeProxyListener(self) \ No newline at end of file diff --git a/README.md b/README.md index e8b66f5..441c92a 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ The tab stores the URL and parameters and allows users to map the selected API t **4. Config** -The config tab allow you to set time for auto save after specific time peried and select the output location. You can also set the auto load the checklist file and Import and export data with one click. +The config tab allow you to set time for auto save after specific time peried and select the output location. You can also set the auto load the checklist file and Import and export data with one click. You can also turn on off the Auto Save and Auto Logging request from proxy for scope domain ![picture](./images/Config.png) @@ -62,13 +62,14 @@ ___ * ~~Single Click Import and Export~~ * ~~Auto Save the project Data~~ -* Auto Logging Scope APIs and requests with Optional mode +* ~~Auto Logging Scope APIs and requests with Optional mode~~ * ~~Seach option for all 3 tables to manage long table~~ * Solving long checklist selection from vulnerability * ~~Updating checklist file automatically~~ * ~~Map Vulnerabilities with Severity~~ * Custom and Default CVSS score generation * Multiple row selection for API Mapper -* Turn on off auto save from config -* Optimization of code -* Allowing individual request to mark as completed +* ~~Turn on off auto save from config~~ +* ~~Optimization of code~~ +* ~~Allowing individual request to mark as completed~~ + diff --git a/images/Config.png b/images/Config.png index 16fba22..0fd504b 100644 Binary files a/images/Config.png and b/images/Config.png differ
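Review bot: The `LogEntry(...)` call added in `Autologclas.processProxyMessage` passes eight arguments, but this commit also adds a ninth parameter `status` to `LogEntry.__init__` with no default visible, so the call should raise `TypeError` for every in-scope response that passes the exclude filter. The exception is raised between `_lock.acquire()` and `_lock.release()`, so the lock stays held and, unless it is re-entrant on the same thread, later acquisitions will block. Pass an initial status and release the lock in a `finally`, as sketched below. Separately, the listener keeps per-message values on `self` (`self.url`, `self.method`, `self.body`, `self.sr2`); if proxy messages arrive on more than one thread these can interleave, so plain locals would be safer.

```python
# … unchanged: scope check, MIME-type filter, request/response extraction …
self._handlingoutput._lock.acquire()
try:
    row = len(self._handlingoutput._log)
    # INITIAL_STATUS is a placeholder: use the value the status column expects for a new row
    self._handlingoutput._log.append(LogEntry(self.sr2, self.url, self.method, self.body, self.requestinst, '', '', self.responseinst, INITIAL_STATUS))
    self._handlingoutput.fireTableRowsInserted(row, row)
finally:
    # always release, even if building or inserting the entry fails
    self._handlingoutput._lock.release()
```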